diff options
-rw-r--r-- | security/sudo/Makefile | 6 | ||||
-rw-r--r-- | security/sudo/PLIST | 12 | ||||
-rw-r--r-- | security/sudo/distinfo | 14 | ||||
-rw-r--r-- | security/sudo/patches/patch-aa | 62 | ||||
-rw-r--r-- | security/sudo/patches/patch-af | 45 | ||||
-rw-r--r-- | security/sudo/patches/patch-ag | 60 |
6 files changed, 104 insertions, 95 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 66d12a484b4..fcd90e4eca0 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.122 2010/07/05 03:08:10 taca Exp $ +# $NetBSD: Makefile,v 1.123 2010/09/10 17:11:27 spz Exp $ # -DISTNAME= sudo-1.7.2p8 +DISTNAME= sudo-1.7.4p4 CATEGORIES= security MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.courtesan.com/pub/sudo/ \ @@ -9,8 +9,6 @@ MASTER_SITES= http://www.courtesan.com/sudo/dist/ \ ftp://ftp.twaren.net/Unix/Security/Sudo/ \ http://ftp.tux.org/pub/security/sudo/ -DIST_SUBDIR= ${DISTNAME}-200805130 - MAINTAINER= kim@tac.nyc.ny.us HOMEPAGE= http://www.courtesan.com/sudo/ COMMENT= Allow others to run commands as root diff --git a/security/sudo/PLIST b/security/sudo/PLIST index ab98ae6041a..8a77b325a9d 100644 --- a/security/sudo/PLIST +++ b/security/sudo/PLIST @@ -1,14 +1,24 @@ -@comment $NetBSD: PLIST,v 1.4 2009/06/14 18:13:40 joerg Exp $ +@comment $NetBSD: PLIST,v 1.5 2010/09/10 17:11:27 spz Exp $ bin/sudo bin/sudoedit +bin/sudoreplay libexec/sudo_noexec.so man/man5/sudoers.5 ${PLIST.ldap}man/man5/sudoers.ldap.5 man/man8/sudo.8 man/man8/sudoedit.8 +man/man8/sudoreplay.8 man/man8/visudo.8 sbin/visudo +share/doc/sudo/ChangeLog +share/doc/sudo/HISTORY +share/doc/sudo/LICENSE +share/doc/sudo/NEWS share/doc/sudo/README share/doc/sudo/README.LDAP +share/doc/sudo/TROUBLESHOOTING share/doc/sudo/UPGRADE +share/doc/sudo/sample.pam +share/doc/sudo/sample.sudoers +share/doc/sudo/sample.syslog.conf share/examples/sudo/sudoers diff --git a/security/sudo/distinfo b/security/sudo/distinfo index 551bc89fd07..194006a89bb 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.64 2010/07/05 03:08:10 taca Exp $ +$NetBSD: distinfo,v 1.65 2010/09/10 17:11:27 spz Exp $ -SHA1 (sudo-1.7.2p8-200805130/sudo-1.7.2p8.tar.gz) = 9534dda2d9fc60b9a733b2a7f69050c183e6ccd0 -RMD160 (sudo-1.7.2p8-200805130/sudo-1.7.2p8.tar.gz) = 6d7f249e9b73f5631c76f868f1b26bf75bc5cf03 -Size (sudo-1.7.2p8-200805130/sudo-1.7.2p8.tar.gz) = 772639 bytes -SHA1 (patch-aa) = bd35d9a9168a70c53b8908570cd86483b117a084 -SHA1 (patch-af) = dbbe3f0a13eb82645b96806a2fb866eef59ad8e4 -SHA1 (patch-ag) = 9e6d2cff0b075a2d668aeccb4646dec797150e79 +SHA1 (sudo-1.7.4p4.tar.gz) = c873f509f80d5722989a912a42a61ad27b71453f +RMD160 (sudo-1.7.4p4.tar.gz) = 3b5eb69b4317c72def0e811c58a24df8c9c1c892 +Size (sudo-1.7.4p4.tar.gz) = 963663 bytes +SHA1 (patch-aa) = 05f2f71bf7393cfd878c0a6c14d2d5a79177daac +SHA1 (patch-af) = 86b9bd17dbfe1951c48055cd191d3071766385c6 +SHA1 (patch-ag) = 7a64eed90eb88f10280e876a5a6beaab2e12e7c6 diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa index 2dad72d425e..4f29daeb8cb 100644 --- a/security/sudo/patches/patch-aa +++ b/security/sudo/patches/patch-aa @@ -1,58 +1,70 @@ -$NetBSD: patch-aa,v 1.23 2010/04/16 15:33:52 taca Exp $ +$NetBSD: patch-aa,v 1.24 2010/09/10 17:11:27 spz Exp $ ---- Makefile.in.orig 2010-04-09 21:13:21.000000000 +0000 +--- Makefile.in.orig 2010-09-03 21:43:57.000000000 +0000 +++ Makefile.in -@@ -196,7 +196,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c +@@ -205,7 +205,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c - sudo_noexec.la: sudo_noexec.lo + libsudo_noexec.la: sudo_noexec.lo - $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) + $(LIBTOOL) --mode=link $(CC) -module $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) # Uncomment the following if you want "make distclean" to clean the parser - @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h -@@ -403,36 +403,36 @@ sudoers.ldap.cat: sudoers.ldap.man - @DEV@LICENSE: license.pod - @DEV@ pod2text -l -i0 $> | sed '1,2d' > $@ + @DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate +@@ -475,43 +475,43 @@ ChangeLog: + hg log --style=changelog -b default --date '<2010-01-18 00:00:00' >> $@; \ + fi --install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man -+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-man +-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc ++install: install-dirs install-binaries @INSTALL_NOEXEC@ install-doc install-dirs: $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \ -- $(DESTDIR)$(visudodir) $(DESTDIR)$(sudoersdir) \ -+ $(DESTDIR)$(visudodir) \ - $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \ - $(DESTDIR)$(noexecdir) + $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \ +- $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ ++ $(DESTDIR)$(docdir) \ + $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) + $(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir) install-binaries: install-dirs $(PROGS) -- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 4111 -s sudo $(DESTDIR)$(sudodir)/sudo +- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo ++ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 04111 sudo $(DESTDIR)$(sudodir)/sudo rm -f $(DESTDIR)$(sudodir)/sudoedit ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit -- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo --@SELINUX@ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh -+ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s visudo $(DESTDIR)$(visudodir)/visudo -+@SELINUX@ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh +- if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi +- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo +- if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi ++ if [ -f sudoreplay ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi ++ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 visudo $(DESTDIR)$(visudodir)/visudo ++ if [ -f sesh ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi - install-noexec: install-dirs sudo_noexec.la -- test -f .libs/$(noexecfile) && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) -+ test -f .libs/$(noexecfile) && $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) + install-noexec: install-dirs libsudo_noexec.la +- if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi ++ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi install-sudoers: install-dirs +- $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \ ++ $(INSTALL) -d -o $(sudoers_uid) -g $(sudoers_gid) -m 0750 \ + $(DESTDIR)$(sudoersdir)/sudoers.d test -f $(DESTDIR)$(sudoersdir)/sudoers || \ - $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \ + $(INSTALL) -o $(sudoers_uid) -g $(sudoers_gid) -m $(sudoers_mode) \ - $(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers + sudoers $(DESTDIR)$(sudoersdir)/sudoers - install-man: install-dirs + install-doc: install-dirs ChangeLog +- (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) +- @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) ++ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done) ++ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $$f $(DESTDIR)$(docdir); done) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) +- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) - @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) ++ @REPLAY@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) + @LDAP@$(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) diff --git a/security/sudo/patches/patch-af b/security/sudo/patches/patch-af index 478cd8b54de..2d6f42d303b 100644 --- a/security/sudo/patches/patch-af +++ b/security/sudo/patches/patch-af @@ -1,16 +1,8 @@ -$NetBSD: patch-af,v 1.24 2010/07/05 03:08:10 taca Exp $ +$NetBSD: patch-af,v 1.25 2010/09/10 17:11:27 spz Exp $ ---- configure.in.orig 2010-06-30 13:16:51.000000000 +0000 +--- configure.in.orig 2010-09-06 12:03:33.000000000 +0000 +++ configure.in -@@ -158,7 +158,6 @@ else - fi - test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' - test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' --test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' - - dnl - dnl Deprecated --with options (these all warn or generate an error) -@@ -296,6 +295,19 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi +@@ -322,6 +322,18 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--wi ;; esac]) @@ -26,25 +18,32 @@ $NetBSD: patch-af,v 1.24 2010/07/05 03:08:10 taca Exp $ + *) echo "Ignoring unknown argument to --with-nbsdops: $with_nbsdops" + ;; +esac]) -+ AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], [case $with_passwd in yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) -@@ -1799,7 +1811,7 @@ fi +@@ -1865,7 +1877,7 @@ SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then - AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN="" + AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" + dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" ;; esac ]) -@@ -2251,6 +2263,8 @@ if test ${with_kerb5-'no'} != "no" -a -z - AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"]) - ]) - AUTH_OBJS="$AUTH_OBJS kerb5.o" -+fi -+if test ${with_kerb5-'no'} != "no"; then - _LIBS="$LIBS" - LIBS="${LIBS} ${SUDO_LIBS}" - AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) +@@ -2317,6 +2329,8 @@ if test ${with_kerb5-'no'} != "no"; then + if test -n "$KRB5CONFIG"; then + AC_DEFINE(HAVE_KERB5) + AUTH_OBJS="$AUTH_OBJS kerb5.o" ++ fi ++ if test ${with_kerb5-'no'} != "no"; then + CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" + SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + dnl +@@ -2798,7 +2812,6 @@ test "$libexecdir" = '${exec_prefix}/lib + test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' + test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' + test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' + + dnl + dnl Substitute into the Makefile and man pages diff --git a/security/sudo/patches/patch-ag b/security/sudo/patches/patch-ag index d1e3b5b4bcc..e6e508f5db3 100644 --- a/security/sudo/patches/patch-ag +++ b/security/sudo/patches/patch-ag @@ -1,35 +1,27 @@ -$NetBSD: patch-ag,v 1.15 2010/07/05 03:08:10 taca Exp $ +$NetBSD: patch-ag,v 1.16 2010/09/10 17:11:27 spz Exp $ ---- configure.orig 2010-06-30 13:17:19.000000000 +0000 +--- configure.orig 2010-09-06 12:03:39.000000000 +0000 +++ configure -@@ -1454,7 +1454,7 @@ Fine tuning of the installation director - --bindir=DIR user executables [EPREFIX/bin] - --sbindir=DIR system admin executables [EPREFIX/sbin] - --libexecdir=DIR program executables [EPREFIX/libexec] -- --sysconfdir=DIR read-only single-machine data [etc] -+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --libdir=DIR object code libraries [EPREFIX/lib] -@@ -1527,6 +1527,7 @@ Optional Packages: - --with-devel add development options +@@ -1589,7 +1589,7 @@ Fine tuning of the installation director + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] +- --sysconfdir=DIR read-only single-machine data [/etc] ++ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] +@@ -1667,6 +1667,7 @@ Optional Packages: + --with-libraries additional libraries to link with --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options + --with-nbsdops add NetBSD standard options --without-passwd don't use passwd/shadow file for authentication --with-skey=DIR enable S/Key support --with-opie=DIR enable OPIE support -@@ -2184,7 +2185,6 @@ else +@@ -4038,6 +4039,22 @@ $as_echo "$as_me: WARNING: Ignoring unkn + esac fi - test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' - test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' --test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' - - - -@@ -2397,6 +2397,23 @@ fi - - +# Check whether --with-nbsdops or --without-nbsdops was given. +if test "${with_nbsdops+set}" = set; then @@ -47,25 +39,23 @@ $NetBSD: patch-ag,v 1.15 2010/07/05 03:08:10 taca Exp $ +esac +fi; + -+ + + # Check whether --with-passwd was given. - if test "${with_passwd+set}" = set; then - withval=$with_passwd; case $with_passwd in -@@ -14358,7 +14375,7 @@ if test `eval echo '${'$as_ac_Header'}'` +@@ -14153,7 +14170,7 @@ if test "x$ac_cv_header_login_cap_h" = x _ACEOF - LOGINCAP_USAGE='[-c class|-] '; LCMAN="" + LOGINCAP_USAGE='[-c class|-] '; LCMAN=1 case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" + dragonfly*|freebsd*|netbsd*) SUDO_LIBS="${SUDO_LIBS} -lutil" ;; esac -@@ -21644,6 +21661,8 @@ fi +@@ -18468,7 +18485,6 @@ test "$libexecdir" = '${exec_prefix}/lib + test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' + test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' + test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - AUTH_OBJS="$AUTH_OBJS kerb5.o" -+fi -+if test ${with_kerb5-'no'} != "no"; then - _LIBS="$LIBS" - LIBS="${LIBS} ${SUDO_LIBS}" + ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers" |